
Hi, I have a question regarding email digital signatures. I used the following code to sign and send email to my customers. Everything was fine, except that when my customers received this email and opened it with Outlook 2007/2010/2013, the very first time it would indicate the signature is invalid, but after "edit trust", the signature became valid. Why?

P.S. The key (pfx file) was bought from Symantec.com

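//-------------------------------
// Needs the Chilkat headers CkCert.h, CkEmail.h, CkMime.h, CkMailMan.h and <iostream>.
CkCert cert; CkEmail email; CkMime mime; CkMailMan mailman;

// Load the signing certificate and its private key from the PFX file.
const char *pfxFilepath = "test.pfx";
const char *pfxPassword = "secret";
bool success = cert.LoadPfxFile(pfxFilepath, pfxPassword);
if (success == false) { cout << cert.lastErrorText(); return; }

// Load the message and convert it to signed MIME.
email.LoadEml("test.eml");
mime.LoadMime(email.getMime());
mime.put_SigningHashAlg("sha-1");
mime.ConvertToSigned(cert);

// Send the signed MIME through the SMTP server.
mailman.put_SmtpHost("192.168.1.12");
success = mailman.SendMime("test@test.com", "test@test.com", mime.getMime());
//-----------------------------------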

Best Regards, Tom

asked Jan 11 '15 at 04:50

hsujong

edited Jan 11 '15 at 09:20

jpbro ♦


If using Edit Trust allows the signature to be trusted, that suggests that the root CA certificate used by Symantec is not itself in the existing trusted roots on those systems. You may need to ask your customers to check the Symantec root cert details and compare them to the trusted roots in the certificate store on their PC; I would guess that the certificate does not exist. If that's the case, you will need to contact Symantec support and ask them why they are signing certificates with a root certificate that is not present by default in the Windows certificate store.

Dan

answered Jan 12 '15 at 02:33

AgeofStrife

Hi

I found the source of the problem. The problem is from Windows XP. If the certificate was exported from Windows 7, then it would be OK. But if the certificate is exported from Windows XP, it would have the issues. I googled it and found out there was an update for Windows XP.

Tom

answered Jan 28 '15 at 07:41

hsujong

Hi Dan,

Thank you very much for your help. I encountered a very strange situation. I found out that if I ran this code on Windows Server 2012, the email received in Outlook 2013 was OK, but in Outlook 2010/2007 it was not. But if I ran this code on Windows 7 under my account, then it was fine for all Outlook 2013/2010/2007 versions. And this situation only happened with one pfx file (I tried many pfx files, the others were all fine). Do you have any idea?

Best Regards,

Tom

answered Jan 14 '15 at 04:07

hsujong

Hi Tom,

Sorry, my certificate handling knowledge is pretty small, mostly to do with web servers rather than email. Have you compared the Trusted Roots stores on Windows Server 2012 to your Windows 7 one, to see if maybe you have an outdated root certificate in Windows Server 2012?

Dan

answered Jan 14 '15 at 04:10

AgeofStrife
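One way to carry out the comparison suggested in the answers, as an added example that is not code from the thread or from Chilkat: the script lists every certificate in the signer's chain and shows whether each one was bundled in the PFX and whether it is present in the local Trusted Root stores. It assumes PowerShell 3.0 or later and uses `test.pfx` from the question as a placeholder path; run it on each machine being compared.

```powershell
# Added example (not from the thread). Run on each machine being compared.
param([string]$PfxPath = '.\test.pfx')   # placeholder: file name taken from the question

$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Load every certificate stored in the PFX (signer plus any bundled CA certificates).
$inPfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$inPfx.Import((Resolve-Path $PfxPath).Path, $plain,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)

# The signing certificate is the one that carries the private key.
$signer = $inPfx | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $signer) { throw "No certificate with a private key found in $PfxPath" }

# Build the chain as Windows would, letting it use the CA certificates from the PFX.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust-path check only, no CRL/OCSP lookups
[void]$chain.ChainPolicy.ExtraStore.AddRange($inPfx)
$trusted = $chain.Build($signer)

# Thumbprints present in the machine and user Trusted Root stores.
$roots = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    ForEach-Object { $_.Thumbprint }

# One row per chain element, from the signer up to the root.
$chain.ChainElements | ForEach-Object {
    $c = $_.Certificate
    [pscustomobject]@{
        Subject       = $c.Subject
        Thumbprint    = $c.Thumbprint
        NotAfter      = $c.NotAfter
        SelfSigned    = ($c.Subject -eq $c.Issuer)
        InPfx         = [bool]($inPfx | Where-Object { $_.Thumbprint -eq $c.Thumbprint })
        InTrustedRoot = ($roots -contains $c.Thumbprint)
    }
} | Format-Table -AutoSize

"Chain trusted on this machine: $trusted"
$chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }
```

Differences in the `InPfx` or `InTrustedRoot` columns between two machines, or between two PFX exports of the same certificate, show where the chains diverge.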
